OWASP ZSC is an open source software written in python language which allows you generate customized shellcodes and convert scripts to obfuscated ones. This software can be run on Windows/Linux/OSX under python.

Usage of shellcodes

Shellcode is basically a list of carefully crafted instructions that can be executed once the code is injected into a running application. Stack and heap-based buffer overflows are the most popular way of doing so. The term shellcode literally refers to written code that starts a command shell. (extracted from techtarget)

Shellcodes could be use as the payload in software exploitation. Other usages are in malwares, bypassing anti-viruses, to obfuscate code among others.

Usage of Obfuscate Codes

Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic, in order to prevent tampering, deter reverse engineering, or as a puzzle or recreational challenge for someone reading the source code.

Programs known as obfuscators transform readable code into obfuscated code using various techniques.

(Extracted from wikipedia)

Why use OWASP ZSC ?

Similar to other shellcode generators such as metasploit tools , OWASP ZSC allows you to generate new encodes and methods which antiviruses won't detect.

OWASP ZSC encoding is able to create shellcodes with random encodes that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, it means you will not get the same output encode if you use random encodes with the same commands. This makes OWASP ZSC one of the bests in its nature to bypass anti-virus and test payloads!

Many exploits available on the internet do not contain reliable shellcodes or, even worse, the shellcode included can actually harm your computer. The best way to be sure that the shellcode you have is reliable and secure, is to generate your shellcode. OWASP ZSC has many options to generate shellcode from custom commands and system calls.

Also OWAPS ZSC has the ability to get Shellcodes/payloads from Shell-Storm.org database

Support for generating shellcodes for other OS is available but still in development.

results matching ""

    No results matching ""